Jake's Flashcards (DA GOAT)

Question 1

We have identified three general approaches to the acquisition of information processing
functionalities and the introduction of IT-based information systems. Which of the
following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above

Answer 1

Open source development

Question 2

What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation

Answer 2

Installation, Operations, Maintenance

Question 3

In which of the following phases should you expect to be most involved as a general or
functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

Answer 3

A and C

Question 4

In which phase(s) do the system development life cycle (SDLC) and the system selection
process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

Answer 4

A and B

Question 5

The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above

Answer 5

Definition, Build, and Implementation

Question 6

Why is the Systems development Life Cycle methodology typically referred to as “the
waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be
avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there
should be multiple opportunities to elicit user requirements.
E. B and D

Answer 6

To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible.

Question 7

Your book describes the systems selection process in-depth. Which of the following is
not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations.

Answer 7

Visit vendor sites

Question 8

Which of the following are not approaches to acquisition of information processing
functionalities?
A. Custom Design
B. Custom Development
C. System Selection and Acquisition
D. End-user Development
E. Open Source Development

Answer 8

Open Source Development

Question 9

Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages

Answer 9

Faster Roll-Out

Question 10

Which of the following is not one of the advantages related to purchasing an off-the-shelf
system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality

Answer 10

Unique Tailoring

Question 11

The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance

Answer 11

Definition, System Design, and Implementation

Question 12

The IS department workers that experts in both technology and the business processes are
called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.

Answer 12

Analysts

Question 13

Which stage of the SDLS typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing

Answer 13

Feasibility Analysis

Question 14

A bank upgrades a computer system at one of its branches. If this works correctly, then
the upgraded system will be installed at the other branches. Which migration approach is
this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

Answer 14

Pilot

Question 15

A bank upgrades the computer systems of its branches, one branch at a time. This is
most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

Answer 15

Phased

Question 16

The Build phase of the SDLC is used to ensure that the software is properly integrated
with the other components of the information system.

True or False?

Answer 16

False

Question 17

The SDLC and prototyping methodologies are one and the same.

True or False?

Answer 17

False

Question 18

Both the SDLC and prototyping methodologies are use d to create custom systems.

True or False?

Answer 18

True

Question 19

Off-the-shelf systems enable infusion of knowledge in the organization

True or False?

Answer 19

True

Question 20

End-user development: The process by which an organization’s non–IT specialists create
software applications.

True or False?

Answer 20

True

Question 21

Custom software development is a systems development approach predicated on the notion that it impossible to clearly estimate and plan in detail such complex endeavors as information systems design and development projects.

True or False?

Answer 21

False

Question 22

A system analyst is a highly skilled IT professional who takes the system requirements document (i.e., what the applications should do) and designs the structure of the system
(i.e., how the application will perform its tasks).

True or False?

Answer 22

False

Question 23

Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase

Answer 23

Risk Analysis

Question 24

Security should be on managers’ radar screens because of peculiar characteristics that run
the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized

Answer 24

Underfunded

Question 25

Why is security considered a negative deliverable?
A. It costs money
B. It produces only tangible benefits
C. It does not affect profits whether it is done well or poorly
D. It is largely ignored
E. It produces no revenue or efficiency

Answer 25

It produces no revenue or efficiency

Question 26

Risk mitigation allows the organization to do what?
A. Devise optimal strategies
B. Prevent security issues from every happening in the first place
C. Keep both costs and risks at minimum levels
D. Maximize failure costs
E. Reward IT workers when no issues arise

Answer 26

Devise optimal strategies

Question 27

When a company is faced with a security threat, they have which three strategies available
to them?
A. Acceptance, avoidance, and transference
B. Acceptance, reduction, and transference
C. Avoidance, reduction, and transference
D. Acceptance, avoidance, and reduction
E. All of the above

Answer 27

B. Acceptance, reduction, and transference

Question 28

Which of the following strategies is associated with increased potential for failure?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

Answer 28

Acceptance

Question 29

Insurance costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

Answer 29

Transference

Question 30

Increased anticipation costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

Answer 30

Reduction

Question 31

Which of the following is an example of an internal threat?
A. Viruses
B. Intrusions
C. Social Engineering
D. Backdoors
E. Angry Employees

Answer 31

Angry Employees

Question 32

Which of the following refers to code built into a program to allow the programmer a way
to bypass password protection?
A. Password Spoofing
B. Bugs
C. Viruses
D. Phishing
E. Backdoors

Answer 32

Backdoors

Question 33

Which of the following is an automated method of seeking passwords?
A. Phishing
B. Social Engineering
C. Software bugs
D. Backdoors
E. Careless behavior

Answer 33

Phishing

Question 34

Which of the following is not a form of malware?
A. Viruses
B. Spyware
C. Sniffers
D. Keyloggers
E. Worms

Answer 34

Sniffers

Question 35

Why is a Trojan horse not a virus?
A. It does not have a payload
B. It does not have a trigger event
C. It does not replicate
D. It is a legitimate form of security protection
E. It does not do anything harmful

Answer 35

It does not replicate

Question 36

Why is spyware usually not considered a virus?
A. It does not replicate
B. It does not have a payload
C. It does not do anything other than watch what the user does
D. It only shows advertisements
E. None of the above. They are always viruses

Answer 36

It does not replicate

Question 37

Which of the following is a viable method of dealing with internal security threats?
A. Antivirus software
B. Policies regarding what computing resources are accessible to whom
C. Firewalls
D. Policies that mandate frequent updates to programs and such
E. Not immediately deleting terminated employees

Answer 37

Policies regarding what computing resources are accessible to whom

Question 38

Generally, a company should buy instead of make if 80% of the required functionality is present in a COTS solution. This rule holds unless the remaining 20% functionality is of strategic importance to the company.

True or false?

Answer 38

True

Question 39

A business school has developed a new leave portal for all its employees and decides to immediately switch from the old platform to the new one. This migration is considered a low risk endeavor for the school and its employees. This type of migration approach is considered as:
direct
parallel
phased
pilot

Answer 39

Direct

Question 40

An organization takes the decision in favor of “make: versus “buy” if no commercially available implementation of a design idea exists in the market.

True or false?

Answer 40

True

Question 41

Apple, Inc. provides its users the opportunity to develop applications which can later be downloaded and used via the Apple App Store. This approach of design and development where a software application is created or improved by its users is called:
a. custom design and development
b. end-user development
c. system selection and acquisition
d. none of the above

Answer 41

end-user development

Question 42

Company A is implementing a new HR system. The new system will roll out using a direct
installation approach. Which of the following is critical to the successful installation of the
new HR system?
A. agile development
B. change management
C. system analysis
D. testing

Answer 42

change management

Question 43

Company A is thinking about using blockchain technology in managing its supply chain. The
company is thinking of using the Ethereum blockchain, an existing blockchain solution, rather
than developing its unique solution. Which of the following is advantage of using the existing
blockchain solution?
A. faster-roll out
B. flexibility and control
C. no advantage
D. unique tailoring

Answer 43

faster-roll out

Question 44

COTS is an acronym for “customized off-the-shelf” software.
A. false
B. true

Answer 44

false

Question 45

Creating the IT core is sufficient to fulfill the information processing needs of the firm.
A. false
B. true

Answer 45

false

Question 46

Go or no-go recommendations for a project are provided at what phase of the systems
development life cycle (SDLC)?
A. build phase (just after system design and before programming)
B. definition phase (just after feasibility analysis and before system analysis)
C. definition phase (just after investigation and before feasibility analysis)
D. definition phase (just after system analysis and before investigation)

Answer 46

definition phase (just after feasibility analysis and before system analysis)

Question 47

Mr. Smith, an owner of a media-services provider, decided to stop depending on applications
that are available on the market, and instead, to start developing unique applications
internally. Which of the following describes Mr. Smith’s decision?
A. moving from custom design and development to end user development
B. moving from custom design and development to system selection and acquisition
C. moving from system selection and acquisition to custom design and development
D. moving from system selection and acquisition to end user development

Answer 47

moving from system selection and acquisition to custom design and development

Question 48

Scope creep is the reason why system requirements are frozen once stakeholders signoff the
systems requirement document. Scope creep can lead to:
A. improved efficiency in project deployment
B. significant decrease in cost and faster development of the project
C. significant increase in cost and delay in development of the project
D. none of the above

Answer 48

significant increase in cost and delay in development of the project

Question 49

Software-as-a-service (SaaS) solutions can be classified as COTS applications.
A. false
B. true

Answer 49

true

Question 50

Technical feasibility is concerned with taking the system requirements document and
producing a robust, secure, and efficient application.
A. false
B. true

Answer 50

false

Question 51

Technology development must take into account which three key considerations?
A. people, processes and structure
B. people, project funding and structure
C. people, shareholders and structure
D. none of the above

Answer 51

people, processes and structure

Question 52

The build phase of the systems development life cycle (SDLC) consists of which of the
following sub-processes:
A. installation, operations, maintenance
B. investigation, feasibility analysis, system analysis
C. system design, programming, testing
D. none of the above

Answer 52

investigation, feasibility analysis, system analysis

Question 53

The SNCF rail network in France recently introduced a new app to book train tickets by the
name of “oui SNCF”. The app was expressly made for serving the needs of the many SNCF
customers who travel between cities in France over the rail network. What can you infer
about the design and development approach of the application?
A. custom design and development
B. end-user development
C. system selection and acquisition
D. none of the above

Answer 53

custom design and development

Question 54

The technology development and the IS development processes are often sequential.
A. false
B. true

Answer 54

false

Question 55

The US subsidiary of a major food producer decided to implement SAP within their
organization. SAP is an openly available enterprise software to manage business operations
and customer relations. Which type of design and development approach does the
commercially available SAP software fall into?
A. custom design and development
B. end-user development
C. system selection and acquisition
D. none of the above

Answer 55

none of the above

Question 56

When fulfilling the IS processing needs, what does the firm has to do in the information
systems development process?

A. assess current IS within the firm
B. develop capabilities to develop the IS
C. generate the IT core
D. integrate the technology with other components of the organization (i.e. people, processes,
structure)

Answer 56

integrate the technology with other components of the organization (i.e. people, processes,
structure)

Question 57

When YouTube launched its video-sharing platform in 2005, it had to develop its own IS. This
is an example of system selection and development.
A. false
B. true

Answer 57

false

Question 58

Which of the following are the two main processes of fulfilling information processing needs?
A. capability development and IT development
B. custom IS development and technical skills development
C. IS research and IS development
D. technology development and IS development

Answer 58

custom IS development and technical skills development

Question 59

Which of the following are two critical processes that take place during the installation phase?
A. change management and prototyping
B. end-user training and change management
C. end-user training and prototyping
D. programming and testing

Answer 59

end-user training and change management

Question 60

Which of the following is an advantage of custom development?
A. economically attractive
B. faster roll-out
C. flexibility and control
D. knowledge infusion

Answer 60

flexibility and control

Question 61

Which of the following is not an advantage of custom development of software applications
within an organization?
A. cost savings
B. flexibility and control
C. unique tailoring
D. none of the above

Answer 61

cost savings

Question 62

Which of the following is not an advantage of open source software?
A. creativity
B. limited lock-in
C. robustness
D. security

Answer 62

security

Question 63

Which of the following is not an advantage of purchasing?
A. faster rollout
B. flexibility
C. high quality
D. knowledge infusion

Answer 63

flexibility

Question 64

Which of the following is not an approach to the acquisition of information processing
functionalities and the introduction of IT-based information systems?
A. customer design and development
B. end-user development
C. supervised development
D. system selection and acquisition

Answer 64

supervised development

Question 65

Which of the following statements is not a part of the “agile manifesto” for software
development:
A. customer collaboration over contract negotiation
B. processes and tools over individuals and interactions
C. responding to change over following a plan
D. working software over comprehensive documentation

Answer 65

processes and tools over individuals and interactions

Question 66

Cybersecurity is a negative deliverable because:
A. It limits the possibility that future positive gains can be made
B. It limits the possibility of both future negative fallout and positive gains would occur
C. It limits the possibility that future negative fallout will happen
D. None of the above

Answer 66

It limits the possibility that future negative fallout will happen

Question 67

Risk assessment consists of which of the following processes?
A. Risk audit (technical & human resources), risk analysis
B. Risk analysis, risk mitigation
C. Risk audit (technical & human resources), risk mitigation
D. None of the above

Answer 67

Risk audit (technical & human resources), risk analysis

Question 68

Risk analysis is the process by which a firm attempts to quantify the hazards identified in the
risk audit.
A. True
B. False

Answer 68

true

Question 69

Rational decision making suggests that the amount invested in cyber security safeguards
should be proportional to the extent of threats and its potential negative side effects.
A. True
B. False

Answer 69

true

Question 70

After completing a risk assessment of the Information Systems security within company X, the
directors have decided to purchase an insurance against cyber security threats. What type of
risk mitigation strategy is this?
A. Risk reduction
B. Risk acceptance
C. Risk transference
D. Risk reduction & risk acceptance

Answer 70

Risk transference

Question 71

Mr. K has been a long term corporate sales account manager at a telecommunication
company. He has been angling for a promotion for the past 10 years however almost always
someone younger is promoted because they are more qualified. Disgruntled by bis workplace
he has resigned from office. On the last day of his job he decides to teach them all a lesson by
selling confidential customer information to a competitor. What kind of behavior does this
situation represent?
A. Careless behavior
B. Carless and unintentional malicious behavior
C. Intentional malicious behavior
D. Unintentional malicious behavior

Answer 71

Intentional malicious behavior

Question 72

Mary received an email on her outlook inbox that claimed it was from the IT helpdesk at her
office. The email asked her to change the password on her official account using a link within
the email in the next 15 minutes or she would automatically loose access to her account on all devices. Reading this message prompts her to click on the link which redirects her to webpage
that looks just like the outlook security settings page. What kind of external intrusion threat is
this?
A. Phishing
B. Backdoors and exploits
C. Social engineering
D. None of the above

Answer 72

Phishing

Question 73

A trojan horse like a virus delivers malicious payload and self-replicates.
A. True
B. False

Answer 73

False

Question 74

Which of the following malicious codes do not self-replicate?
A. Viruses and worms
B. Just worms
C. Trojan horses and spyware
D. None of the above

Answer 74

Trojan horses and spyware

Question 75

The distributed denial of service (DDoS) attack uses a single compromised system while a
denial of service (DoS) attack uses a large network of compromised systems.
A. False
B. True

Answer 75

False

Question 76

The difference between cybersecurity and privacy is that whereas cybersecurity is about safe
keeping of collected data, privacy is about informed consent and permission to collect and use
identifying information.
A. False
B. True

Answer 76

True

Question 77

Function creep is the situation where data collected for a stated or implied purpose is later on
reused for the same purpose.
A. True
B. False

Answer 77

False

Question 78

An organization’s ethical code of conduct communicates to all parties the organization’s
principles of ethical information system use and its formal stance enabling detection of, and
distancing from, unethical choices made by any member of the organization.
A. True
B. False

Answer 78

True

Question 79

Which of the following best describes a firm’s set of defenses to mitigate threats to its
technology infrastructure?
A. Reducing threat of new entrants
B. Longevity risk mitigation
C. Cybersecurity
D. Answer is not listed

Answer 79

Cybersecurity

Question 80

Cyber security risk assessment is a process of auditing ONLY the current technological
resources, in an effort to map the current state of the art on IS security in the organization.
A. False
B. True

Answer 80

False

Question 81

Which of the following mitigation strategies has high failure costs but low anticipation costs?
A. Risk acceptance
B. Risk reduction
C. Risk transference
D. Risk transference and risk reduction

Answer 81

Risk acceptance

Question 82

Which of the following best explains why internal exploits are hard to detect?
A. Because internal exploits often use advanced techniques that are hard to detect
B. Because companies often limit the number of employees who can access sensible
information
C. Because users are authorized on the network and their actions can go undetected unless
they make a careless mistake or discuss their behaviors with others
D. Answer is not listed

Answer 82

Because users are authorized on the network and their actions can go undetected unless
they make a careless mistake or discuss their behaviors with others

Question 83

In 2010, an Apple software engineer left a prototype of the iPhone 4 in a bar. the person who
found the phone sold it to the gadget blog Gizmodo for $5,000, who disassembled it and
posted its characteristics online. Which of the following cyber security threats best describe
this example?
A. An internal threat due to intentional malicious behavior
B. An internal threat due to careless behavior
C. An external threat due to an intrusion
D. An external threat due to online fake news

Answer 83

An internal threat due to careless behavior

Question 84

An intrusion threat consists of any situation where an unauthorized attacker gains access to
organizational IT resources.
A. True
B. False

Answer 84

True

Question 85

Mr. Smith received a phone call from a person claiming to be from his bank. The unknown
person told Mr. Smith that he needed to update his account security details. the caller asked
for Mr. Smith’s account, card and personal details in order to confirm his identity. Mr. Smith
refused to provide any details to the unknown caller, and instead, called his bank which
confirmed that the phone call was a scam. Which of the following best describes the
mentioned scam?
A. Backdoor exploit
B. Malicious code
C. Whaling
D. Social engineering

Answer 85

Social engineering

Question 86

Someone posing as an IT tech requests information about your computer configuration. What
kind of attack is this?
A. Social engineering
B. Inside threats
C. Phishing
D. Whaling

Answer 86

Social engineering

Question 87

A multinational cooperation is rethinking how it is managing its information systems’ security.
The organization needs to prove to its customers, partners and other stakeholders that it
complies with international cyber security standards. Which of the following frameworks are
best suited for the cooperation?
A. NIST cyber security framework
B. Cyber kill chain framework
C. NERC CIP
D. ISO 27001

Answer 87

ISO 27001

Question 88

Many organizations limit their employees’ access to certain websites and prevent the
individual installation of new software. Which of the following best describes this practice?
A. Mitigating internal threats through monitoring
B. Detecting internal threats through monitoring
C. Detecting external threats through monitoring
D. Answer is not listed

Answer 88

Mitigating internal threats through monitoring

Question 89

Firewalls cans be used to decrease internal cyber security threats.
A. True
B. False

Answer 89

True

Question 90

Which of the following is an example of function creep?
A. Data on number of soda cans sold by a vending machine used only to compute revenues
B. An online website that does not save or share user data without their permission
C. A research institute that uses data for its implied purpose only
D. A social network selling users’ data to third parties

Answer 90

A social network selling users’ data to third parties

Question 91

Protection of intellectual property in the internet is not an ethical issue.
A. False
B. True

Answer 91

False

Question 92

Ethical conduct is often ensured through computer software.
A. True
B. False

Answer 92

False